1

To make an SSH server work properly while still maintaining an OpenVPN connection, I have a small mixture of ip-related commands I need to persist and run on startup on a Debian Stretch (actually Raspbian) machine:

iptables -t mangle -A PREROUTING -i "${INTERFACE}" -m conntrack --ctstate NEW -j CONNMARK --set-mark 1234
iptables -t mangle -A OUTPUT -m connmark --mark 1234 -j MARK --set-mark 4321
ip route add default dev "${INTERFACE}" table 1000
ip rule add fwmark 4321 table 1000

INTERFACE is a variable for the default device to use.

Where is the appropriate place to put these commands so that they are automatically executed when the system boots?

Roxy

1 Answer

3

On Debian-based systems, you can find a package iptables-persistent. This package enables you to easily save your current iptables rules to be loaded at system startup.

For routing related commands, you can execute them as post-up commands in the network interfaces configuration file. Here is a related post.

Khaled
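The routing half of the answer above, as an added example that is not part of the original posts: a helper script called from a `post-up` line, written so that repeated `ifup` runs do not fail or stack duplicate rules. The script path, the function names and the assumption that the interface is managed by ifupdown (`/etc/network/interfaces`) are mine; table 1000 and mark 4321 come from the question.

```shell
#!/bin/sh
# Hypothetical helper, e.g. /usr/local/sbin/ssh-policy-route, referenced from
# the interface stanza in /etc/network/interfaces as:
#   post-up /usr/local/sbin/ssh-policy-route "$IFACE"
# The two iptables mangle rules are persisted separately: with the
# iptables-persistent package installed, load them once and run
# `netfilter-persistent save`.
set -eu

TABLE=1000    # routing table number from the question
FWMARK=4321   # packet mark set by the OUTPUT mangle rule in the question

valid_iface() {
    # Allow only characters used in interface names, at most 15 of them,
    # so a malformed argument never reaches the ip command line.
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

rule_present() {
    # `ip rule show` prints the mark in hex, e.g. "fwmark 0x10e1 lookup 1000"
    mark_hex=$(printf '0x%x' "$FWMARK")
    ip rule show | grep -Eq "fwmark $mark_hex lookup $TABLE( |\$)"
}

apply_policy_route() {
    iface=$1
    valid_iface "$iface" || { echo "invalid interface name" >&2; return 2; }
    # `replace` succeeds whether or not the route already exists,
    # unlike `add`, which fails with "File exists" on a second ifup.
    ip route replace default dev "$iface" table "$TABLE"
    # `ip rule add` would append a duplicate on every ifup, so check first.
    rule_present || ip rule add fwmark "$FWMARK" table "$TABLE"
}

# Run only when an interface name is passed, as the post-up line does.
if [ $# -gt 0 ]; then
    apply_policy_route "$1"
fi
```
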